"The signature of Octopus.3.2.20-x64.msi is corrupt or invalid"

When I try to download Octopus Server from the downloads page the downloaded file is marked as having an invalid signature (using IE and/or Edge.

I’ve tried from one Windows 10 client (local PC) and one Windows 2012 VM running in Azure - same issue.

What to do?

I am having the same issue w/ this version. The hash that I calculate after downloading is 00be05ab81b8dc7ca85e32502f406a33, which matches the hash listed on the website.

Hi Clayton and Yooakim,

Thanks for reporting this. Microsoft have deprecated SHA1 signing certificates. We have ordered a new SHA256 certificate to apply to our builds, it just hasn’t arrived yet.
As soon as we get it we will apply it to future builds.

As you have rightly discovered the hash will still match, and you can use this for confirmation. We are on it, and had planned it before the change, but our provider is holding this up.
You can track our issue here: https://github.com/OctopusDeploy/Issues/issues/2316